Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
742
Views
0
Helpful
6
Replies

RSPAN, SPAN and general monitoring techniques

Go to solution
brandon.n
Level 1
Level 1

‎10-22-2007 01:23 PM - edited ‎03-05-2019 07:14 PM

I have a dilemma. I need to monitor 4 links. for inbound and outbound traffic. A hub is out of the question as traffic won't be seperated. Currently I am using a product called nTap to tap the four links back to a Cisco switch. The problem is SPAN only allows for 2 sessions. So 2 links can't be monitored. Attached is a diagram. Would RSPAN be better? Is RSPAN easier to configure? What exactly is VSPAN and when would it be best applicable?

Labels:
Preview file
1 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to brandon.n

‎10-23-2007 07:53 AM

So, create an RSPAN VLAN and make sure it goes wherever you need it.

Then, on the switch(es) you want to source from:

monitor session 1 source interface f2/2 options

monitor session 1 source interface f2/8 options

etc

monitor session 1 destination remote vlan 40

exit

show monitor

On your sniffing switch

monitor session 1 source remote vlan 40

monitor session 1 destination interface f0/4

exit

show monitor

Kevin Dorrell

Luxembourg

View solution in original post

0 Helpful
6 Replies 6

Go to solution
brandon.n
Level 1
Level 1

‎10-23-2007 05:44 AM

Bump.

0 Helpful

Go to solution
Kevin Dorrell
Level 10
Level 10

‎10-23-2007 07:15 AM

I am sure this will be possible.

Generally, it is not one session per port source monitored. Each session can monitor several ports in the switch.

But before I give you a load of configs that you cannot use, what sort of switches are you working with: IOS or CatOS. And what model?

Kevin Dorrell

Luxembourg

0 Helpful

Go to solution
brandon.n
Level 1
Level 1
In response to Kevin Dorrell

‎10-23-2007 07:28 AM

Thanks Kevin... we have any switch you can name. Preferably I want to do it on a 3550 but a 3750 is okay as well. IOS version only, no CatOS.

0 Helpful

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to brandon.n

‎10-23-2007 07:53 AM

So, create an RSPAN VLAN and make sure it goes wherever you need it.

Then, on the switch(es) you want to source from:

monitor session 1 source interface f2/2 options

monitor session 1 source interface f2/8 options

etc

monitor session 1 destination remote vlan 40

exit

show monitor

On your sniffing switch

monitor session 1 source remote vlan 40

monitor session 1 destination interface f0/4

exit

show monitor

Kevin Dorrell

Luxembourg

0 Helpful

Go to solution
brandon.n
Level 1
Level 1
In response to Kevin Dorrell

‎10-23-2007 08:18 AM

Excellent Kevin.. I will try this. Your help is greatly appreciated :)

0 Helpful

Go to solution
Konstantin Dunaev
Level 4
Level 4
In response to brandon.n

‎10-23-2007 11:31 PM

don't forget that on low-end switches eg. 2950, 2970 you need the mirror port to configure the RSPAN session. that ports should no be used and should not be in "disable" status.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card